To secure the IIS 7.x one of the recommendation is to change the Request Filtering => FIle Extensions: To Allow only the  known extensions.

For example : Default values in IIS 7.x Request Filtering => File Name Extension on IIS

 

Read More @ AspRangers

http://www.asprangers.com/post/2013/03/07/Getting-4047-error-for-%E2%80%9C%E2%80%9D-root-requests-after-Disabling-Allow-Unlisted-file-extension.aspx